VYPR

Snapdragon

by Qualcomm

CVEs (937)

  • CVE-2021-35071MedJun 14, 2022
    risk 0.36cvss 5.5epss 0.00

    Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables,…

  • CVE-2021-30331MedApr 1, 2022
    risk 0.36cvss 5.5epss 0.00

    Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2021-1930MedSep 8, 2021
    risk 0.36cvss 5.5epss 0.00

    Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11221MedMar 17, 2021
    risk 0.36cvss 5.5epss 0.00

    Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon…

  • CVE-2020-11199MedMar 17, 2021
    risk 0.36cvss 5.5epss 0.00

    HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2020-11123MedNov 12, 2020
    risk 0.36cvss 5.5epss 0.00

    u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute,…

  • CVE-2020-3679MedSep 9, 2020
    risk 0.36cvss 5.5epss 0.00

    u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-3674MedSep 9, 2020
    risk 0.36cvss 5.5epss 0.00

    Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan,…

  • CVE-2020-3644MedSep 8, 2020
    risk 0.36cvss 5.5epss 0.00

    u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-3643MedSep 8, 2020
    risk 0.36cvss 5.5epss 0.00

    u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,…

  • CVE-2020-3621MedSep 8, 2020
    risk 0.36cvss 5.5epss 0.00

    u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer…

  • CVE-2020-3620MedSep 8, 2020
    risk 0.36cvss 5.5epss 0.00

    u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics…

  • CVE-2019-14115MedSep 8, 2020
    risk 0.36cvss 5.5epss 0.00

    u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute,…

  • CVE-2019-10626MedJun 22, 2020
    risk 0.36cvss 5.5epss 0.00

    Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-14067MedJun 2, 2020
    risk 0.36cvss 5.5epss 0.00

    Using non-time-constant functions like memcmp to compare sensitive data can lead to information leakage through timing side channel issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,…

  • CVE-2019-14075MedApr 16, 2020
    risk 0.36cvss 5.5epss 0.00

    Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605,…

  • CVE-2019-14007MedApr 16, 2020
    risk 0.36cvss 5.5epss 0.00

    Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2019-10608MedApr 16, 2020
    risk 0.36cvss 5.5epss 0.00

    Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon…

  • CVE-2019-10523MedApr 16, 2020
    risk 0.36cvss 5.5epss 0.00

    Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W,…

  • CVE-2019-10616MedMar 5, 2020
    risk 0.36cvss 5.5epss 0.00

    Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,…

Page 44 of 47